Get rid of browser hijacker - Istartsurf
-
A Former User last edited by
Check that the malware hasn't just added the address to Opera's shortcut as a switch.
-
lioness11 last edited by
It was in the shortcut switch. The only place I hadn't checked. Malwarebytes and CCleaner had got rid of everything else, plus manual deletes in other browser settings. Really appreciate your help everyone. Problem sorted.
-
bogdanlazar last edited by
So, did somebody find out how it can be removed from the Opera browser? Because there are guides to remove istartsurf from the other browsers.
-
bogdanlazar last edited by
I have used AdwCleaner and some other programs, but they did not help. I successfully removed it manually from IE and Firefox according to the instructions found on many websites, but found nothing about Opera. I'm using Opera 24.0. I tried to delete the files from appdata/local/, I've deleted the cookies .. didn't help.
-
frajer last edited by
I don't understand any of this, anyone pls write it step by step.
Dave said:
Did you check the command line in Opera's startup shortcut?
and sgun:
Is that the shortcut you use to start Opera - and that isn't the command line of the shortcut. The command line should be "C:\Program Files (x86)\Opera\launcher.exe" (with nothing after the second quote).
What does that mean? Please, I can't get rid of this..
-
frajer last edited by
I'm using Opera beta. I managed to remove it from Chrome and apparently from Opera, and it looks like from the system too..I hope..only for Opera beta I can't find it. I don't understand what switches are or how it can be in the command line.
thanks
-
blackbird71 last edited by
Istartsurf is adware that hijacks your browser to force it to use Istartsurf's websites and show their ads. To get rid of it, you have to remove all of its program files from your computer and undo the changes it makes to your system's registry, which removal is what the Malwarebytes and AdwCleaner tools will try to help you do.
You may also have to manually remove any changes the adware may have made to any of the shortcuts used for starting up your browser... shortcuts are the little icon-buttons on your desktop or your taskbar/toolbars, and they contain commands to the computer to start up the associated program. Adware hijackers can attach special command terminology to what is written within those shortcuts and which may force a browser to go directly to the adware's website upon browser startup... in which case, you have to clear out that added terminology if it exists.
When you right click a startup icon for Opera, you should see a Properties entry (if the icon is in your Windows taskbar instead of the desktop, you will then need to right click on the software name as well to see the Properties entry); left click on that Properties word to bring up the Properties panel for the shortcut. Under the shortcut tab, you should see a Target: line with a computer command in it. That command should ordinarily read "C:\Program Files (x86)\Opera\launcher.exe" with no other terms or letters behind those words. If something else appears there, copy it and report back here. If it reads as written, then the shortcut is OK.
Note that if you have other browsers, or browser shortcuts in other user accounts, you should manually check each and every one to assure that all of the adware linkages have been completely cleared out.
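
The shortcut check described in the post above can also be done in bulk. This is an added PowerShell example, not part of the original thread; the list of browser executable names and the folders searched are assumptions to adjust for your system.

```powershell
# Added example: report browser shortcuts whose Target carries extra arguments.
# Assumptions: the executable names and folder list below; extend both as needed.
$browserExes = 'launcher.exe', 'opera.exe', 'chrome.exe', 'firefox.exe', 'iexplore.exe'

# Desktop, Start Menu and pinned taskbar items for the current user and all users.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell

$findings = Get-ChildItem -LiteralPath $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if (-not $lnk.TargetPath) { return }                       # shortcut without a file target
        $exe = Split-Path -Path $lnk.TargetPath -Leaf
        if ($browserExes -notcontains $exe) { return }             # not a browser shortcut
        if ([string]::IsNullOrWhiteSpace($lnk.Arguments)) { return } # clean: nothing after the executable

        [pscustomobject]@{
            Shortcut  = $_.FullName
            Target    = $lnk.TargetPath
            Arguments = $lnk.Arguments
            # A URL appended after the executable is the pattern discussed in this thread.
            HasUrl    = $lnk.Arguments -match '(?i)\b(https?://|www\.)'
        }
    }

if ($findings) {
    $findings | Sort-Object HasUrl -Descending | Format-List
} else {
    'No browser shortcut with extra arguments found.'
}
```

Arguments without a URL can be legitimate switches, so review each finding before clearing it in the shortcut's Properties panel. The per-user folders cover only the account running the script, so repeat it in each user account.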
-
frajer last edited by
THANK YOU blackbird71!
Oh man, I found it, thank you blackbird71 for that detailed explanation! And so soon!! I was expecting to see the answer in a couple of days. I managed to remove it from Chrome before, and from the system it was a pain as it was in lots of places. Malwarebytes removed some but not all, then I started Loaris, but ofc it prompted me for money at the end, but I saw that it has a log so I manually removed all suspicious files from that log..and some else lol..but all is ok now apart from Opera beta. I manually removed it from Chrome as well and restored it to default settings. And it is ok now, it doesn't appear in Chrome. So as you described I found that, I hope last, piece of it, here is the target: "C:\Program Files (x86)\Opera beta\launcher.exe" ttp://www.istartsurf.com/?type=sc&ts=1424459648&from=smt&uid=WDCXWD2500AAKX-221CA1_WD-WCAYV196280462804
I edited and removed the h so the address is not clickable..I'm that paranoid, I've spent all day dealing with this
What next?